CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it....
Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels....
Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed....
The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom....
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?...
By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks....
Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025....
Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers....
...
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but....
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions....
Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers....
Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly....
Fraudsters are targeting high-turnover workforces and compromising accounts that are associated with frequent payouts....
The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report....
By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage....
The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar....
In the latest "Secure Future Initiative" progress report, Microsoft describes efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new Secure by Design UX Toolkit....
Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses....
Verizon's "2025 Data Breach Investigations Report" highlights dire — but not new — trends in the education sector, where faculty and staff continue to fall for social engineering campaigns and make simple security errors....
M&S has launched an investigation and said some customer operations are impacted....
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations....
Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked....
Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS....
In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust....
Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power....
The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn't materialize and less widely touted attack scenarios shot up....
Understanding how multiple AI models speak to each other and deciding which framework to use requires careful evaluation of both the business benefits of advanced AI orchestration and the cybersecurity implications of connecting automated services....
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023....
The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack....
Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month....
A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications....
Agentic AI's appeal is growing as organizations seek more autonomous and hands-off approaches to their security protocols....
The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability....
Since January, threat actors distributing the malware have notched up more than 100 victims....
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT)....
Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services....
Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession....
The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score....
The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right....
Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene....
...
...
Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire....
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal....
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers....
Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to....
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity....
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users' wallet addresses with their own....
The president revoked the former CISA director's security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation....
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target w...
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security i...
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud s...
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a v...
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CV...
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range o...
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning ...
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (bl...
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unrepo...
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). A...
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybe...
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CV...
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according t...
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This...
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional s...
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck ...
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy crimina...
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identi...
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outsi...
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially...
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-rel...
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute ...
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques ov...
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per V...
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: ...
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not...
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy mine...
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with ed...
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highligh...
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The ...
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it comp...
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a te...
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLa...
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compro...
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this arti...
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red f...
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organ...
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER vari...
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api...
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improp...
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated...
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,&quo...
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most secur...
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significa...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CV...
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This i...
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy hav...
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing ...
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS sc...
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works&...
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the N...
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of netw...
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintai...
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances fo...
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups a...
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcont...
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reop...
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, ...
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life....
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through onl...
Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features....
Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies....
In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe....
Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes....
Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks....
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border....
Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools....
In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting....
The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate....
Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”...
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it....
A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages—and how little they actually saved....
Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board....
Microsoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren't enough....
From crypto kingpins to sophisticated scammers, these are the lesser-known hacking groups that should be on your radar....
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world....
For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders....
Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating....
Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption....
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks....
BreachForums posts a PGP-signed message explaining the sudden April 2025 shutdown. Admins cite MyBB 0day vulnerability impacting the…...
Toronto, Canada, 28th April 2025, CyberNewsWire...
Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…...
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud....
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…...
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…...
Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...
Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…...
Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has…...
Silent Push reveals a complex scheme where North Korean hackers posed as crypto companies, using AI and fake…...
The letter, released through the Electronic Frontier Foundation, calls Trump’s executive order “retaliatory.” The post Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne appeared first on CyberScoop. ...
“It’s practically taboo” for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats. The post Cybersecurity vendors are themselves under attack by hackers, SentinelOne says appeared first on CyberScoop. ...
The legislation calls on federal law enforcement to help state, local and tribal agencies with blockchain and other investigative tools to fight pig butchering and other schemes. The post House bill seeks better tech to combat financial fraud scams against elderly appeared first on CyberScoop. ...
Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability. The post SAP zero-day vulnerability under widespread active exploitation appeared first on CyberScoop. ...
He served under then-South Dakota Gov. Kristi Noem, who now heads up the Department of Homeland Security. The post CISA gets new No. 2: Madhu Gottumukkala appeared first on CyberScoop. ...
The vulnerability threat intelligence firm’s research reinforces a slew of recent reports warning about increased exploits in 2024. The post VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 appeared first on CyberScoop. ...
More broadly, AI is viewed as being a double-edged sword in cybersecurity, one that can bolster both defensive and offensive operations. The post AI speeds up analysis work for humans, two federal cyber officials say appeared first on CyberScoop. ...
Requests to block federal agencies from sharing federal data with states and to condition federal election funding were denied by Judge Colleen Kollar-Kotelly. The post Judge tosses citizenship provisions in Trump elections order appeared first on CyberScoop. ...
Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network edge devices. The post Attackers hit security device defects hard in 2024 appeared first on CyberScoop. ...
The yearly report from the bureau is filled with stats. We pulled out the most interesting ones. The post 10 key numbers from the 2024 FBI IC3 report appeared first on CyberScoop. ...
ArmorCode launched Anya, an agentic AI champion purpose-built for AppSec and product security teams. Following a successful early access program, Anya is now available to all ArmorCode enterprise customers, delivering intelligent, conversation-driven security insights that close the expertise gap an...
Palo Alto Networks announced Prisma AIRS, an AI security platform that serves as the cornerstone for AI protection, designed to protect the entire enterprise AI ecosystem – AI apps, agents, models, and data – at every step. Building upon the company’s Secure AI by Design portfolio laun...
AuditBoard announced a new AI governance solution, enableing customers to fast-track their AI risk management programs and drive responsible AI innovation and adoption at scale. AuditBoard’s new AI governance solution will help customers meet AI best practices outlined in frameworks like t...
Sentra launched Data Security for AI Agents solution, specifically designed to address the emerging challenges associated with proliferating AI assistants and empower large enterprises to embrace AI innovation securely and responsibly. With the solution, Sentra also announced platform support for Ag...
Netskope announced expansion of the Netskope One platform to cover more AI security use cases, including enhanced protections for private applications and data security posture management (DSPM) attributes. While other vendors focus on enabling safe user access to AI applications, Netskope capabilit...
Trend Micro announced new AI-powered threat detection capabilities designed specifically for enterprises embracing AI at scale. This effort brings together Trend’s security expertise with NVIDIA accelerated computing and NVIDIA AI Enterprise software, leveraging AWS infrastructure to suppo...
Censys is launching a new solution specifically designed to enable threat hunting teams to track adversary infrastructure. The Censys’ Threat Hunting solution is part of Censys’ recently released Internet Intelligence platform, which provides security teams across the enterprise ...
Abnormal AI introduces autonomous AI agents that improve how organizations train employees and report on risk while also evolving its email security capabilities. In a year defined by the explosive use of malicious AI for cybercrime, Abnormal is doubling down on its mission to protect people. With i...
Peridio, a platform for building and maintaining advanced embedded products, has launched Avocado OS, an open-source embedded Linux distribution made to simplify the way developers build complex embedded systems. Avocado OS focuses on delivering a smooth developer experience while offering security,...
Flashpoint announced new capabilities to its flagship platform, Flashpoint Ignite. These innovations are designed to deliver insights that align with customers’ threat intelligence needs, enabling organizations to make informed decisions and protect their most critical assets. “Too often...
Online fraud is costing billions - but Malwarebytes' security tools could be the secret weapon companies need to protect themselves and fight back....
Using Linux is a good start - but it is not enough. These easy privacy tricks could mean the difference between secure and sorry....
Passwords and passkeys each involve a secret. The critical difference: How that secret gets handled....
Your Amazon Fire Stick, Chromecast, and other streaming devices collect your personal data for various reasons. If you're uncomfortable with that, here's how to get peace of mind....
The passkey standard has reached a precarious moment. Let's not blow it, OK?...
Netflix won't easily block our favorite streaming VPNs, and we've tried and tested the best VPNs for high-speed, reliable streaming....
Just because you're running Apple's rock-solid operating system doesn't mean your privacy is automatically protected. These simple steps will keep you safer....
Looking for the best Linux VPN? Here are my favorites....
Protect yourself and your Mac with the top antivirus software for Mac in the market, tested and recommended by our experts....
Do passcodes really protect you more from warrantless phone searches than biometrics? It's complicated....
The Sensitive Content Warnings feature shields you from images in Google Messages that may contain nudity and lets you easily block numbers - but you'll need to enable it....
Until Google rolls out a fix, you'll have to be on the lookout for this particularly convincing phishing scam....
It's not often we see a VPN developed as more than just a way to hide your IP address and give you some online protection against tracking. So how does the open-source, Mixnet-based NymVPN project stack up?...
We've selected the top Bluetooth trackers, from AirTags to Tile, to help you keep track of your belongings, no matter if you're on iOS or Android....
ChatGPT can 'read' your photos for location clues - even without embedded GPS or EXIF data. Here's why that could be a problem....
The Aqara Camera Hub G5 Pro provides AI-powered visual recognition technology with a host of home security features. Best of all, it doesn't require a monthly subscription....
Unveiled today, AI Assist aims to help public safety officers do their jobs more efficiently - and safely. Here's how it works....
Smarter TV operating systems come with new privacy risks - chief among them is automatic content recognition (ACR), a feature that tracks what you watch....
The number of infostealers sent through phishing emails jumped by 84% last year. IBM X-Force offers these recommendations for defending yourself from all manner of malware....
Apple's iOS 18.4.1 update fixes a bug with wireless CarPlay and resolves two security holes already exploited in targeted attacks....
Why Does Improving Non-Human Identity and Data Response (NHIDR) Matter? How often do we consider the impact of Non-Human Identities (NHIs) on our data security? The management of NHIs and their accompanying secrets has become an indispensable necessity for businesses. From financial services and hea...
Capturing the Essence of Powerful Secrets Scanning Wondering how to enhance your organization’s cybersecurity measures? Among the vast spectrum of cybersecurity tools available, secrets scanning is one that holds paramount significance. Secrets scanning, as an integral part of Non-Human Identities...
Are You Confident Your Data Safety Measures Are Up to Scratch? The rise of digital transformation is not without its pitfalls, one of which is the challenge of maintaining data safety and security. With the majority of businesses relying heavily on cloud-based environments for storing and handling d...
Bugcrowd today at the 2025 RSA Conference announced its intent to create a red team service to test cybersecurity defenses using a global network of ethical hackers. Alistair Greaves, director of red team operations for Bugcrowd, said via a Red Team-as-a-Service (RTaaS) offering that a global pool ...
Blackpoint Cyber today at the 2025 RSA Conference unveiled a unified security posture and response platform that is based on the company’s managed detection and response (MDR) service. Company CTO Manoj Srivastava said the CompassOne platform provides organizations the tool to discover assets alo...
Anthropic shows how bad actors are using its Claude AI models for a range of campaigns that include influence-as-a-service, credential stuffing, and recruitment scams and becomes the latest AI company to push back at threat groups using their tools for malicious projects. The post Anthropic Outline...
Accelerating its aggressive foray into artificial intelligence (AI) security, Palo Alto Networks Inc. on Monday said it has agreed to acquire cybersecurity startup Protect AI. Additionally, the company launched an ambitious AI security platform at the RSA Conference in San Francisco, as well as upd...
No matter the size or industry, businesses that handle payment card data must comply with PCI DSS (Payment Card Industry Data Security Standard). However, not all businesses have the same compliance requirements. The scope and level of PCI compliance solutions depend on factors such as: Understandin...
The BSides Seattle 2025 speakers showed how security and IAM fail under stress and why usable security must consider human limits and machine-scale risk. The post BSides Seattle 2025: Rebuilding Trust in Systems In The Age Of NHIs appeared first on Security Boulevard. ...
The EU's Chat Control proposal presents a critical dilemma: protecting children from online abuse without compromising privacy and security. This comprehensive analysis decodes the legislation's technical implications and what it means for encrypted communications worldwide. The post EU&am...